Information security, cybersecurity and privacy protection — Physically unclonable functions — Part 1: Security requirements

This document specifies the security requirements for physically unclonable functions (PUFs). Specified security requirements concern the output properties, tamper-resistance and unclonability of a single PUF and of a batch of PUFs. Since it depends on the application which security requirements a PUF needs to meet, this document also describes the typical use cases of a PUF. Amongst PUF use cases, random number generation is out of scope in this document.

Sécurité de l'information, cybersécurité et protection de la vie privée — Fonctions non clonables physiquement — Partie 1: Exigences de sécurité

General Information

Status: Published
Publication Date: 08-Dec-2020
Current Stage: 6060 - International Standard published
Start Date: 09-Dec-2020
Due Date: 19-Jun-2021
Completion Date: 09-Dec-2020
Standard
ISO/IEC 20897-1:2020 - Information security, cybersecurity and privacy protection — Physically unclonable functions — Part 1: Security requirements Released:12/9/2020
English language
16 pages

Standards Content (Sample)


INTERNATIONAL STANDARD
ISO/IEC 20897-1
First edition
2020-12
Information security, cybersecurity
and privacy protection — Physically
unclonable functions —
Part 1:
Security requirements
Sécurité de l'information, cybersécurité et protection de la vie
privée — Fonctions non clonables physiquement —
Partie 1: Exigences de sécurité
© ISO/IEC 2020
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland

Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Security requirements for PUFs
  5.1 General
  5.2 PUF interface
  5.3 PUF building blocks
  5.4 Use cases of PUF
    5.4.1 Security parameter generation
    5.4.2 Device identification
    5.4.3 Device authentication
  5.5 Security requirements
    5.5.1 General
    5.5.2 Steadiness
    5.5.3 Randomness
    5.5.4 Uniqueness
    5.5.5 Tamper-resistance
    5.5.6 Mathematical unclonability
    5.5.7 Physical unclonability
  5.6 Mapping between security requirements and use cases
Annex A (informative) Classification of PUF
Annex B (informative) Some PUF implementations
Annex C (informative) PUF life-cycle
Bibliography

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that
are members of ISO or IEC participate in the development of International Standards through
technical committees established by the respective organization to deal with particular fields of
technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other
international organizations, governmental and non-governmental, in liaison with ISO and IEC, also
take part in the work.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents) or the IEC
list of patent declarations received (see http://patents.iec.ch).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see
www.iso.org/iso/foreword.html.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 27, Information security, cybersecurity and privacy protection.
A list of all parts in the ISO/IEC 20897 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.

Introduction
This document specifies the security requirements for physically unclonable functions (PUFs) for
generating non-stored cryptographic parameters.
Cryptographic modules generate a certain class of critical security parameters, such as a secret
key, using a random bit generator within the modules. Such modules can store generated security
parameters in embedded non-volatile memory elements. For higher security, a combination of tamper
response and zeroization techniques may be used to protect stored security parameters from active
unauthorized attempts to access them. However, as reverse-engineering technology
advances, the risk of theft of such stored security parameters has become higher than ever.
PUF technology, which is spreading rapidly, promises to mitigate the above-mentioned risks
by enabling security parameter management without storing such parameters. PUFs are
hardware-based functions providing steadiness and randomness of their outputs and physical and mathematical
unclonability of the functions themselves, taking advantage of intrinsic subtle variations in the device’s
physical properties, which can also be regarded as the object’s fingerprint. PUFs can be used for security
parameter generation (e.g. key, initialization vector, nonce and seed), entity authentication or device
identification in cryptographic modules.
Now, security requirements of PUFs should be considered at system level, meaning that they should
consider many possible attack paths, as detailed further in this document.
The purpose of this document is to define the security requirements of batches of PUFs and of single
instances of PUF for assuring an adequate level of quality of the provided PUFs in cryptographic
modules. This document is meant to be used for the following purposes.
a) In the procurement process of a PUF-equipped product, the procurement body specifies the security
requirements of the PUF in accordance with this document. The product vendor evaluates
whether the PUF satisfies all the specified security requirements, and reports the evaluation
results to the procurement body.
b) The vendors evaluate the security of their PUF, publicize the evaluation results and clarify the
security of their PUF.
It should be noted that not all of the security requirements defined in this document are necessarily
quantitatively evaluable.
This document is related to ISO/IEC 19790, which specifies security requirements for cryptographic
modules. In those modules, CSPs (e.g. key) and PSPs [e.g. identifier (ID)] are the assets to protect.
A PUF is one solution to avoid storing security parameters, thereby increasing the overall security of a
cryptographic module.

INTERNATIONAL STANDARD ISO/IEC 20897-1:2020(E)
Information security, cybersecurity and privacy
protection — Physically unclonable functions —
Part 1:
Security requirements
1 Scope
This document specifies the security requirements for physically unclonable functions (PUFs). Specified
security requirements concern the output properties, tamper-resistance and unclonability of a single
PUF and of a batch of PUFs. Since it depends on the application which security requirements a PUF needs to
meet, this document also describes the typical use cases of a PUF.
Amongst PUF use cases, random number generation is out of scope in this document.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 18031, Information technology — IT Security techniques — Random bit generation
ISO/IEC 19790, Information technology — Security techniques — Security requirements for
cryptographic modules
3 Terms and definitions
For the purposes of this document, terms and definitions given in ISO/IEC 18031, ISO/IEC 19790 and
the following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at http://www.electropedia.org/
3.1
challenge
variable parameters input to a PUF
Note 1 to entry: Some types of PUFs do not take an input challenge; such a PUF is called a no-challenge PUF. A
no-challenge PUF can be seen as a special type of PUF where the challenge length is 0 bits (see 3.9).
3.2
confined PUF
DEPRECATED: weak PUF
PUF that has a limited space of challenge-response pairs
Note 1 to entry: The term “weak PUF” does not properly express the characteristics of the PUF; nonetheless, it is
the way this category of PUFs is referred to in the scientific literature.

3.3
extensive PUF
DEPRECATED: strong PUF
PUF that has so large a space of challenge-response pairs that not all addresses can be read out within
the attack time scales and its entire function cannot be modelled in extenso from the knowledge of few
challenge/response pairs on a different device (e.g. a general purpose processor)
3.4
false acceptance rate
FAR
probability that the inter-distance is smaller than or equal to the set threshold
Note 1 to entry: FAR is equivalent to the evaluation of the cumulative distribution function of the inter-distance
at the set threshold.
3.5
false rejection rate
FRR
probability that the intra-distance is larger than the set threshold
Note 1 to entry: FRR is equi
...
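The FAR and FRR definitions in 3.4 and 3.5 can be estimated empirically over a batch of PUFs; the following is an added example, not part of the standard. It assumes Hamming distance as the distance measure, takes intra-distance as the distance between an enrolled response and a re-read of the same PUF and inter-distance as the distance between responses of two different PUFs (the usual meaning in PUF literature; the sample above ends before defining them), and runs on simulated, constructed responses.

```python
import random
from itertools import combinations

def hamming(a: int, b: int) -> int:
    """Hamming distance between two responses held as integers."""
    return bin(a ^ b).count("1")

def simulate_batch(n_devices, n_reads, n_bits, flip_prob, seed):
    """Constructed data: one enrolled response per PUF plus noisy re-reads.

    Each re-read flips every bit independently with probability flip_prob,
    a simple stand-in for measurement noise (an assumption of this example).
    """
    rng = random.Random(seed)
    batch = []
    for _ in range(n_devices):
        enrolled = rng.getrandbits(n_bits)
        reads = []
        for _ in range(n_reads):
            noise = sum(1 << i for i in range(n_bits) if rng.random() < flip_prob)
            reads.append(enrolled ^ noise)
        batch.append((enrolled, reads))
    return batch

def intra_distances(batch):
    """Same PUF: enrolled response versus each later re-read."""
    return [hamming(enrolled, r) for enrolled, reads in batch for r in reads]

def inter_distances(batch):
    """Different PUFs: enrolled responses compared pairwise."""
    return [hamming(a[0], b[0]) for a, b in combinations(batch, 2)]

def far(inter, threshold):
    """3.4: fraction of inter-distances <= threshold (a foreign PUF accepted)."""
    return sum(d <= threshold for d in inter) / len(inter)

def frr(intra, threshold):
    """3.5: fraction of intra-distances > threshold (the genuine PUF rejected)."""
    return sum(d > threshold for d in intra) / len(intra)

def sweep(intra, inter, n_bits):
    """(threshold, FAR, FRR) for every threshold; FAR rises as FRR falls."""
    return [(t, far(inter, t), frr(intra, t)) for t in range(n_bits + 1)]

def usable_thresholds(intra, inter, n_bits):
    """Thresholds where this sample shows no false accept and no false reject."""
    return [t for t, fa, fr in sweep(intra, inter, n_bits) if fa == 0 and fr == 0]

if __name__ == "__main__":
    batch = simulate_batch(n_devices=20, n_reads=10, n_bits=128,
                           flip_prob=0.05, seed=2020)
    intra, inter = intra_distances(batch), inter_distances(batch)
    print("max intra:", max(intra), "min inter:", min(inter))
    print("thresholds with FAR = FRR = 0 on this sample:",
          usable_thresholds(intra, inter, 128))
```

An empirical rate of zero on a finite sample only bounds the true probability; estimating the tails requires fitting a distribution to the measured distances.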


